My (numerous) Windows Group Policy Issues
- From: Ralish <Ralish@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Mon, 22 Aug 2005 01:12:08 -0700
Hey there,
The background:
I am a school student who has a passion for information technology :)
So recently I have been educating myself with an evaluation copy of Windows
Server 2003 set up in a new test domain. Over the past few weeks I have been
experimenting with the Group Policy functionality of Windows Server 2003. As
a good starting point I have been reading the Windows Server 2003 Security
Guide (v1.3) located at:
http://www.microsoft.com/downloads/details.aspx?FamilyID=8a2643c1-0685-4d89-b655-521ea6c7b4db&displaylang=en
This is where my issues with Windows Group Policy begin:
1. Having added the extra recommended MSS Settings, located in the companion
Threats and Countermeasures Guide (v1.2) located at:
http://www.microsoft.com/downloads/details.aspx?FamilyId=1B6ACF93-147A-4481-9346-F93A4081EEA8&displaylang=en
to the Security Configuration Editor for application through Group Policy I
have wanted to remove some of these settings from the SCE. The procedure is
not described in either of the guides, and I can only find mention of the
procedure in this KB article:
http://support.microsoft.com/default.aspx?scid=214752 (scroll to the bottom).
However, the procedure is not designed for Windows 2003, and I can not get
it to work. Does anyone know how to successfully remove custom entries from
the SCE in Windows 2003, can Microsoft update this article to make it
applicable to their newest server OS?
2. I decided to apply the High Security settings described in the guide
having always taken an interest in security. Although the settings are warned
to have a possible effect on application compatibility, it was not implied
that the settings would break key Windows functionality. After applying the
security settings to Group Policy and restarting, numerous fundamental
Windows Services would fail to start (COM+ Event System is frozen in starting
mode, Cert Services, IIS Admin, etc... all fail to start, along with various
RPC Server issues). Perhaps this guide has not been updated to reflect
Service Pack 1 changes? Either way, I can not amend the Group Policy as the
File Replication Service now refuses to start and the Sysvol share is not
available. Is it possible to reset the User Rights Assignment settings back
to factory default without the use of Group Policy or the Sysvol share?
Finally, are there any good resources anyone can recommend that discuss in
detail the user rights assignments settings that take into account Windows
2003 SP1?
Thanks in advance for any and all help,
Ralish
.
- Follow-Ups:
- Re: My (numerous) Windows Group Policy Issues
- From: Steven L Umbach
- Re: My (numerous) Windows Group Policy Issues
- Prev by Date: Re: Domain users unable to change password
- Next by Date: RE: ScreenSaver Config
- Previous by thread: GPO Not Applying
- Next by thread: Re: My (numerous) Windows Group Policy Issues
- Index(es):
Relevant Pages
|
